Comprehensive Substation Security for Critical Utilities

Supervisory Control and Data Acquisition (SCADA) systems are used for controlling industrial automation operations at utilities such as electric power, water and oil & gas. In power utilities the SCADA function is fulfilled by Distribution Management Systems (DMS); these SCADA systems are responsible for controlling highly critical operations, making them in recent years a primary target for cyber attacks.

Due to their complexity and criticality, and to meet the relevant governing standards and regulations, protecting power substations requires an integrated system that goes beyond firewall protection. Many of the vulnerabilities in today’s Industry 4.0 automation networks stem from inter-device communications, which are not intercepted by on-site perimeter firewalls that are typically designed to inspect only incoming and outgoing traffic, not lateral traffic between devices on the same network.

In addition, the rise of standards and regulations for the power generation sector, such as the NERC CIP regulations for protecting Bulk Electric Systems (BES) and IEC 62443 for Industrial Automation and Control Systems, requires that any cyber-security solution installed be compliant with all mandatory standards.

Radiflow’s multi-tiered solution suite for critical industrial control system (ICS) networks covers all facets of the protection, monitoring and management needs of critical OT networks:

  • The iSID threat detection & monitoring platform, for the detection, prevention and ongoing monitoring of attack attempts
  • A complete visual model of the OT network: assets, connections, protocols and vulnerabilities
  • Intelligent alerting upon anomalous network behavior and changes to devices
  • Management of network and device vulnerabilities
  • CIA (Confidentiality, Integrity & Availability, as well as Safety) per-business process risk evaluation and ongoing mitigation, using Radiflow CIARA
  • Management of physical and virtual access into the OT network, with Industrial DPI firewall capabilities

On-Site or Central Deployment

To comply with cyber defense requirements, Radiflow’s iSID threat detection & monitoring platform allows for on- and off-site deployment:

  • Central location: iSID can be deployed at a central location (e.g. corporate SOC or OT-MSSP SOC) for analysis of ongoing network data received from all remote sites. To prevent network overload (due to large volumes of data received from multiple substations, which is often the case in central data analysis) and to compensate for low-bandwidth connections, the iSAP Smart Collector can significantly reduce data volume while maintaining integrity, using a unique filtering and compression algorithm.
  • On-site at substation: iSID can be deployed on-site at select remote sites, with or without an additional central deployment of iSID. The decision whether to deploy iSID at a central location or on-site depends on how crucial the remote site is and how complex its network. As a rule, iSID should be installed on-site at critical sites (as defined by the operator), where the complexity of the network exposes it to in-field attacks. This is usually the case in large sites that host a large number of often-unprotected devices, which makes it extremely difficult to detect the source and the pattern of cyber-attacks. In the case of on-site deployment, all iSID instances are managed from a central location using the iCEN management console, which provides efficient access to and management of multiple local instances of iSID through a simple map-based interface.

Three-Tier Protection

Product Features

iSID: Industrial Threat & Vulnerability Detection

  • System-wide visibility
  • Auto-learning of assets, links & business processes
  • Multiple security engines; Attack Vector Analysis
  • Non-intrusive DPI analysis
  • PLC monitoring for configuration changes
  • Central or local (on-site) deployment

iCEN: Central Monitoring & Management for iSID

  • System-wide view of assets, iSID health, alerts & maintenance status
  • Centralized provisioning
  • Dual display modes: map and tabular
  • Local and remote (using AD) user management
  • Ideal for OT-MSSPs

iSAP: Smart OT Data Traffic Collector

  • Collection of all LAN traffic via port mirroring
  • Compressed, filtered stream with unidirectional encrypted tunneling, for low-bandwidth connections
  • Single iSAP per remote site

iSEG: Secure DPI-Firewall Gateways

  • Authentication Proxy Access (APA) for user authentication & pre-configured task-based access
  • User activity log within each remote access session for compliance & auditing; validation of user behavior using a per-port DPI firewall
  • IPsec VPN for secure inter-site connectivity between manufacturing facilities
  • Ruggedized appliances with Ethernet & Serial interfaces
  • iSIM remote management dashboard for large iSEG arrays

CIARA: Industrial Risk Analysis & Management

  • Assess the actual business-related impact of cyber-risk in OT networks with unique calculation of likelihood of attack
  • Plain-language, prioritized mitigation recommendations
  • Threat intelligence (TI)-based risk analytics and risk impact reports
  • IEC 62443 reporting support

iSOC: MSSP Framework

  • iSID and CIARA optimized for operation in an OT-MSSP SOC setting
  • iCEN for managing multiple instances of iSID
  • Integration with leading industry CVE vulnerability-database update and alert feeds

Implementation

Substation with iSID on-site

Substation with iSID at central location (corporate or MSSP SOC)